A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NFortinet Fortiextender
HWFortinetwszystkie wersjeFortinet Fortiextender Firmware
OSFortinet7.0.0 – 7.4.8 (bez)7.6.0 – 7.6.3 (bez)
Related vulnerabilities
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0...
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fo...
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtende...